codebase-exploration
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): This skill provides a surface for indirect prompt injection as it is designed to ingest and summarize external, untrusted codebase content. * Ingestion points: Processes files and directory structures using tools like grep, fd, and ast-grep. * Boundary markers: No delimiters or explicit instructions are provided to the agent to disregard instructions found within the code. * Capability inventory: The skill primarily uses read-only tools such as ls, tree, rg, and git log. * Sanitization: No sanitization of the content retrieved from the codebase is performed.
- Metadata Poisoning (LOW): The documentation references external files (REFERENCE.md and EXAMPLES.md) that are not provided in the skill package, which could theoretically contain malicious instructions that the agent might follow if it attempts to resolve those references.
Audit Metadata